January 2013 - baseband-devel - lists.osmocom.org

Engagetted !

by Sébastien Lorquet

http://www.engadget.com/2010/12/29/researchers-eavesdrop-on-encrypted-gsm-c… Congrats!

6 months

5
5
0 0

Sniffing GPRS

by canarion

Hi, After compiling osmocom-bb and apply sylvain/burst_ind branch and gprs_multi.patch, I execute it and try to sniff gprs traffic. I loaded the layer1 into my C139 and I obtained an ARFCN code (883). When I run ccch_scan -a 883 I get the next result: opyright (C) 2010 Harald Welte <laforge(a)gnumonks.org> Contributions by Holger Hans Peter Freyther License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Failed to connect to '/tmp/osmocom_sap'. Failed during sap_open(), no SIM reader <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1476410343) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(1207963561) <0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x1ad1cda) <0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x41ae98f9) <0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a to imsi M(214031385056117) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4207880193) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4214223105) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3388536385) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3961436929) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4229756769) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214034185316455) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3829437761) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214033485554660) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3639403521) <0001> app_ccch_scan.c:105 SI1 received. <0001> app_ccch_scan.c:464 unknown PCH/AGCH type 0x00 <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3827744513) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(335734299) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3561969409) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4294310401) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3698994241) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3682615617) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(67866789) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4003487553) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3770351169) <0001> app_ccch_scan.c:400 Paging1: Normal paging chan tch/f to TMSI M(0x41ae98f9) <0001> app_ccch_scan.c:403 Paging2: Normal paging chan tch/f to TMSI M(0x1ad1cda) <0001> app_ccch_scan.c:426 Paging3: Normal paging chan n/a to imsi M(214031385056117) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3306441249) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214031482053520) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214036185306441) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4102036289) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(4135931713) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to imsi M(214032485273805) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3798414145) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(134915836) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3988859137) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(3735175681) <0001> app_ccch_scan.c:360 Paging1: Normal paging chan tch/f to tmsi M(531909) <0001> app_ccch_scan.c:248 GSM48 IMM ASS (ra=0x78, chan_nr=0x0f, HSN=24, MAIO=1, TS=7, SS=0, TSC=1) Dropping frame with 55 bit errors <000c> l1ctl.c:238 Dropping frame with 55 bit errors <000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830928 = 0626/20/36) (-110 dBm, SNR 8) <000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830929 = 0626/21/37) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830930 = 0626/22/38) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830931 = 0626/23/39) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830932 = 0626/24/40) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-105 dBm, SNR 8, UL, SACCH) <000c> l1ctl.c:290 BURST IND: @(830933 = 0626/25/41) (-107 dBm, SNR 5, SACCH) <000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830934 = 0626/00/42) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830935 = 0626/01/43) ( -83 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830936 = 0626/02/44) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830937 = 0626/03/45) ( -89 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830938 = 0626/04/46) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830939 = 0626/05/47) ( -82 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830940 = 0626/06/48) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830941 = 0626/07/49) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830942 = 0626/08/50) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830943 = 0626/09/00) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830944 = 0626/10/01) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830945 = 0626/11/02) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830947 = 0626/13/04) ( -84 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830948 = 0626/14/05) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830949 = 0626/15/06) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830950 = 0626/16/07) ( -89 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830951 = 0626/17/08) ( -88 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830952 = 0626/18/09) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830953 = 0626/19/10) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830954 = 0626/20/11) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830955 = 0626/21/12) (-106 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830956 = 0626/22/13) (-107 dBm, SNR 5) <000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830957 = 0626/23/14) (-106 dBm, SNR 2) <000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830958 = 0626/24/15) (-108 dBm, SNR 1) <000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-106 dBm, SNR 2, UL, SACCH) <000c> l1ctl.c:290 BURST IND: @(830959 = 0626/25/16) (-109 dBm, SNR 5, SACCH) <000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830960 = 0626/00/17) (-108 dBm, SNR 3) <000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830961 = 0626/01/18) (-106 dBm, SNR 2) <000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830962 = 0626/02/19) (-108 dBm, SNR 3) <000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830963 = 0626/03/20) (-107 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830964 = 0626/04/21) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830965 = 0626/05/22) ( -87 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830966 = 0626/06/23) ( -85 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -47 dBm, SNR 255, UL) <000c> l1ctl.c:290 BURST IND: @(830967 = 0626/07/24) ( -86 dBm, SNR 255) <000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-107 dBm, SNR 6, UL) <000c> l1ctl.c:290 BURST IND: @(830968 = 0626/08/25) (-109 dBm, SNR 0) <000c> l1ctl.c:290 BURST IND: @(830969 = 0626/09/26) (-101 dBm, SNR 6, UL) But it stop to capture frames, seems to be left in a standby state and I don't know why that is. With gprsdecode I can see the next image in the wireshark: http://baseband-devel.722152.n3.nabble.com/file/n3712433/wireshark-capture.… If someone knows what is the problem, please tell me. Thanks in advance. Cheers, Dani -- View this message in context: http://baseband-devel.722152.n3.nabble.com/Sniffing-GPRS-tp3712433p3712433.… Sent from the baseband-devel mailing list archive at Nabble.com.

7 years, 4 months

8
12
0 0

Please can anyone advise me - FMTOOL Error and no further processing

by Raz Sharif

Dear all, I vae the C115 with a T1 USB to Serial cable with the Prolific chipset. When i run osmocon i get :- an its just sits there with no further processing. ./osmocon -p /dev/ttyUSB0 -m c123xor ../../target/firmware/board/compal_e88/loader.compalram.bin read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=17120, hdr_len=4, dnload_len=17127 read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=17120, hdr_len=4, dnload_len=17127 got 1 bytes from modem, data looks like: 00 . got 2 bytes from modem, data looks like: 2f 00 /. got 1 bytes from modem, data looks like: 1b . got 3 bytes from modem, data looks like: f6 02 00 ... got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 01 . got 1 bytes from modem, data looks like: 40 @ Received PROMPT1 from phone, responding with CMD got 1 bytes from modem, data looks like: 66 f got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6d m got 1 bytes from modem, data looks like: 74 t got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 6c l Received FTMTOOL from phone, ramloader has aborted got 1 bytes from modem, data looks like: 65 e got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 6f o got 1 bytes from modem, data looks like: 72 r got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 00 . I think the cable is ok as when i run my fingers on the tip i get random Zeros so it appears to be talking to the cable. Also when i tried to run Mobile i get the :- even though i created the Mobile.cfg file in /etc/osmoco Failed to parse the config file: '/home/raz/.osmocom/bb/mobile.cfg' Please check or create config file using: 'touch /home/raz/.osmocom/bb/mobile.cfg' I have spent some hours researching the lists and trying various things to no avail but I want to continue until I resolve this issues and use this great stack to learn about the GSM network. Please advise. Great full for any help or pointers but this maybe a timing issue that is difficult to debug. Thanks Raz

7 years, 11 months

5
6
0 0

cell re-selection

by Andreas.Eversberg

hi, i did a lot of resarch and testing on cell selection and re-selection process the last two week. the cell selection process, network selection process (manual and automatic) and mobility management process were already implemented in OsmocomBB a long time, but turned out to be buggy and incomplete. i made test drives to check the process and debugged it. the re-selection process is new. it is used to track surrounding cells while listening to the BCCH of the current cell (camping on a cell). special extension to the layer1 firmare is used to measure neighbour cells. if an neighbour cell becomes 'better', the mobile switches to that cell, depening on different criteria. now it is possible to move with OsmocomBB. the re-selection process is not handover! handover is a process where a phone switches between cells while doing a call. handover is one next step to implement. the process is a little more complex, because it requires not only neighbour cell measurements, but also syncing to them without interrupting the traffic channel. most layer 3 stuff of handover is already implemented. if you like to play and test your moving OsmocomBB, you can check out the "jolly/roaming" branch. it contains the extension to layer1, as well as sim reader and fixes from "sylvain/testing" branch. use both "mobile" and "layer1" firmware from this branch. in order to see some process at VTY, you can do: enable monitor network 1 (continously display the strongest cell and neighbour cells) show ms 1 (to see current states) show neighbour-cells 1 (to see a more detailed current list of neighbours) andreas

8 years, 1 month

3
3
0 0

Set fixed TMSI and Kc

by Simian Denson

Hi, in the osmocom bb mobile.cfg I don't see any posibility to set a fixed Kc encryption key and the tmsi. How could I achieve that osmocom uses my defined Kc and tmsi? cheers, Simian

8 years, 1 month

5
21
0 0

Location update problems on Motorola C118

by Maciej Grela

Hi, I'm trying to run the latest osmocom-bb git on a Motorola C118 phone. After a minor problem with the build (as you may've noticed in the patch I've sent). I got to the point of successfuly running layer1 on the phone and the mobile app on the PC (I have also enabled TX). The process seems to be stuck on trying to perform a location update. The status of the ms is always either: show ms MS '1' is up, MM connection active IMEI: 000000000000000 IMEISV: 0000000000000000 IMEI generation: fixed automatic network selection state: A1 trying RPLMN MCC=104 MNC=002 (104, 002) cell selection state: connected mode 1 ARFCN=19 MCC=104 MNC=002 LAC=0xb00f CELLID=0x4fd9 (104, 002) radio ressource layer state: connection pending mobility management layer state: wait for RR connection (location updating) OsmocomBB> or show ms MS '1' is up, service is limited (pending) IMEI: 000000000000000 IMEISV: 0000000000000000 IMEI generation: fixed automatic network selection state: A1 trying RPLMN MCC=104 MNC=002 (104, 002) cell selection state: C3 camped normally ARFCN=19 MCC=104 MNC=002 LAC=0xb00f CELLID=0x4fd9 (104, 002) radio ressource layer state: idle mobility management layer state: MM idle, attempting to update OsmocomBB> I think, that because of this I can't make any calls or send sms (all the requests are being rejected): OsmocomBB# call 1 <X> call 1 <X> OsmocomBB# % (MS 1) % Call has been rejected The log information from mobile when it's trying to do a location update is show below: <000b> gsm48_rr.c:2174 PAGING REQUEST 1 <000b> gsm48_rr.c:2141 IMSI 260021964220249 (not for us) <000b> gsm48_rr.c:2132 TMSI fd82a501 (not for us) <000e> gsm48_mm.c:344 Location update retry <0005> gsm48_mm.c:345 timer T3211 (loc. upd. retry delay) has fired <0005> gsm48_mm.c:4311 (ms 1) Received 'MM_EVENT_TIMEOUT_T3211' event in state MM IDLE, attempting to update <000e> gsm48_mm.c:2199 Perform location update (MCC 104, MNC 002 LAC 0xb00f) <0005> gsm48_mm.c:2333 LOCATION UPDATING REQUEST <0005> gsm48_mm.c:2355 using LAI (mcc 104 mnc 002 lac 0xb00f) <0005> gsm48_mm.c:2363 using TMSI 0x28a3d62e <0005> gsm48_mm.c:914 new state MM IDLE, attempting to update -> wait for RR connection (location updating) <0001> gsm48_rr.c:5428 (ms 1) Message 'RR_EST_REQ' received in state idle (sapi 0) <000e> gsm48_rr.c:1318 Establish radio link due to mobility management request <0003> gsm322.c:4037 (ms 1) Event 'EVENT_LEAVE_IDLE' for Cell selection in state 'C3 camped normally' <0003> gsm322.c:823 new state 'C3 camped normally' -> 'connected mode 1' <0003> gsm322.c:3653 Going to camping (normal) ARFCN 19. <0003> gsm322.c:463 Sync to ARFCN=19 rxlev=-74 (Sysinfo, ccch mode NON-COMB) <0001> gsm48_rr.c:366 new state idle -> connection pending <0001> gsm48_rr.c:1465 CHANNEL REQUEST: 00 (Location Update with NECI) <0003> gsm322.c:2938 Channel synched. (ARFCN=19, snr=16, BSIC=17) <0001> gsm322.c:2959 using DSC of 90 <0003> gsm48_rr.c:4816 Channel provides data. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 5) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 0 ra 0x0e) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 4) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x07) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x75 chan_nr 0x0a MAIO 0 HSN 38 TS 2 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x75 chan_nr 0x0a MAIO 0 HSN 38 TS 2 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 3) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x0f) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 2) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x01) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 1/553m ra 0x18 chan_nr 0x59 ARFCN 19 TS 1 SS 3 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 1/553m ra 0x18 chan_nr 0x59 ARFCN 19 TS 1 SS 3 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 1) <0001> gsm48_rr.c:1658 RANDOM ACCESS (Tx-integer 50 combined no S(lots) 55 ra 0x0a) <0001> gsm48_rr.c:1697 Use MS-TXPWR-MAX-CCH power value 5 (33 dBm) <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 1 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:1601 RANDOM ACCESS (requests left 0) <0001> gsm48_rr.c:1605 Done with sending RANDOM ACCESS bursts <0001> gsm48_rr.c:836 starting T3126 with 5.000 seconds <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x0a chan_nr 0x41 ARFCN 19 TS 1 SS 0 TSC 1) <0001> gsm48_rr.c:2393 request 0a matches but not frame number (IMM.ASS fn=22,6,30 != RACH fn=22,5,25) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x05 chan_nr 0x49 ARFCN 19 TS 1 SS 1 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x05 chan_nr 0x49 ARFCN 19 TS 1 SS 1 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-77 snr= 0 ber= 6 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x00 chan_nr 0x61 ARFCN 19 TS 1 SS 4 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2473 (ta 2/1107m ra 0x00 chan_nr 0x61 ARFCN 19 TS 1 SS 4 TSC 1) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x7d chan_nr 0x0b MAIO 0 HSN 38 TS 3 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x7d chan_nr 0x0b MAIO 0 HSN 38 TS 3 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 0 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 3 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x77 chan_nr 0x09 MAIO 0 HSN 38 TS 1 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2450 IMMEDIATE ASSIGNMENT: <0001> gsm48_rr.c:2462 (ta 2/1107m ra 0x77 chan_nr 0x09 MAIO 0 HSN 38 TS 1 SS 0 TSC 0) <0001> gsm48_rr.c:2503 Request, but not for us. <0001> gsm48_rr.c:2225 PAGING ignored, we are not camping. <0001> gsm48_rr.c:2170 PAGING ignored, we are not camping. <0001> gsm48_rr.c:673 MON: f=19 lev=-78 snr= 0 ber= 6 LAI=104 002 b00f ID=4fd9 <0001> gsm48_rr.c:765 timer T3126 has fired <000e> gsm48_rr.c:770 Requesting channel failed <0001> gsm48_rr.c:366 new state connection pending -> idle <0003> gsm322.c:4037 (ms 1) Event 'EVENT_RET_IDLE' for Cell selection in state 'connected mode 1' <0003> gsm322.c:3565 Selecting ARFCN 19. after LOC.UPD. <0003> gsm322.c:463 Sync to ARFCN=19 rxlev=-74 (Sysinfo, ccch mode NON-COMB) <0003> gsm322.c:823 new state 'connected mode 1' -> 'C3 camped normally' <0005> gsm48_mm.c:3902 (ms 1) Received 'RR_REL_IND' from RR in state wait for RR connection (location updating) (sapi 0) <0005> gsm48_mm.c:2732 RR link released after loc. upd. <000e> gsm48_mm.c:2676 Location update failed <000e> gsm48_mm.c:2686 Try location update later <0005> gsm48_mm.c:2688 Loc. upd. failed, retry #0 <0005> gsm48_mm.c:413 starting T3211 (loc. upd. retry delay) with 15.0 seconds <0005> gsm48_mm.c:1143 We are camping normally as returning to MM IDLE <0005> gsm48_mm.c:1159 Loc. upd. allowed. <0005> gsm48_mm.c:919 new state wait for RR connection (location updating) -> MM IDLE, location updating needed <0005> gsm48_mm.c:909 new MM IDLE state location updating needed -> attempting to update <0005> gsm48_mm.c:2215 Loc. upd. already pending. <0005> gsm48_mm.c:4311 (ms 1) Received 'MM_EVENT_CELL_SELECTED' event in state MM IDLE, attempting to update <0005> gsm48_mm.c:2215 Loc. upd. already pending. <0003> gsm322.c:2938 Channel synched. (ARFCN=19, snr=16, BSIC=17) <0001> gsm322.c:2959 using DSC of 90 Can you provide me any hints on how to debug this ? Why is the location update failing constantly ? Thanks in advance for your help. Best regards, Maciej Grela

9 years, 5 months

6
9
0 0

Re: Any interest for Osmocom meetings in Bavaria ?

by Dieter Spaar

So far three persons have indicated their interest to join a meeting at my place. Considering the time it takes to drive to my place, it probably makes sense to have the meeting at the weekend (either Saturday or Sunday) so that there is more time for the meeting itself. I can suggest one of the following dates for the first meeting, somewhere between 10:00 to 18:00 on each day: 25.8. (Sa) or 26.8. (Su) 1.9. (Sa) or 2.9. (Su) 8.9. (Sa) or 9.9. (Su) So please let me know when you have time and also make suggestions in which Osmocom topic you are interested in so that we can have some sort of agenda for the meeting to make best use of the time. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

10 years, 10 months

13
42
0 0

asn.1 compilation

by ☎

Hello. I'm having troubles compiling asn.1 files from http://www.3gpp.org/ftp/Specs/archive/24_series/24.080/ASN.1/ I'm getting syntax error (syntax error at line 264 in module SS-Operations.asn: got 'SEQUENCE' expected ':') while running erlc SS-Operations.asn using Erlang version 15.b.1 As far as I recall Harald has done this for MAP asn.1 Are there any hints on what might be wrong? Tried online compiler but it gives different errors in different places. Should I use different version? Compile smth else before attempting to compile this file? Fix syntax using some clever trick? Do some rtfm? Any advices would be greatly appreciated. -- best regards, Max, http://fairwaves.ru

11 years

3
5
0 0

AW: The call has been rejected

by Andreas.Eversberg

hi josephli, > Read stored BA list mnc=01 the mobile application stores the last cells and neighbour cells (band allocation) of each network. this way the scanning is much faster when restarting. because you use the SIM card with MNC == 02 the first time, there is no band allocation stored for that. the mobile will do a full scan in this case. > while the sim card service I am tesing is actually with mnc 00 and 02. i know that MNC == 0 will not work until i commited improvements of cell selection process last sunday. you should retry that, but first try with an MNC > 0. can you provide debug output when trying a call? also can you provide VTY output of "show ms" before you make the call? regards, andreas

11 years

3
2
0 0

status report layer1 and layer23

by Andreas.Eversberg

hi, i just fixed some locking issues the last days. fix will follow. it took a bit longer, because there were some race conditions. it took up to about one hour until it crashed. my way to detect the area where the crash happened, was to turn on buzzer before that area, and turn it off after that area. after many hours of approximation, i finally found out that the major crash happend during _talloc_zero. (first it looks for a free memory chunk, then it allocates it.) since it can be called from all contexts (main, irq, fiq), it need to be locked against any interrupt, otherwise the memory chunk can be assigned multiple times. (the process of _talloc_free is "atomic" and requires no locking.) because it seems pretty stable, i think it is time to merge some branches into the master. (i made a 6 hours call yesterday. and no crash after bugfix ever since.) i will do that together with sylvain, if we find the time this weekend. currently i use the jolly/voice together with the sylvain/traffic branch. i am able to use an isdn phone togehter with linux-call-router and make/receive calls. audio is passed both ways. i think this is a stage where it actually become "usable". (if not moving arround.) one of my major work for the next weeks/months will be the neighbour cell measurement, cell re-selection, and handover. this is essential when moving with the phone. regards, andreas

11 years

2
1
0 0

is the Viterbi decode for the AFS provided by Sylvain right?

by bob

Hi ,List: search some materials, find that the decode method of AFS convolutional code is different from the EFS`, it use RSC, and need SOVA(soft output viterbi algorithm). am i right? -- View this message in context: http://baseband-devel.722152.n3.nabble.com/is-the-Viterbi-decode-for-the-AF… Sent from the baseband-devel mailing list archive at Nabble.com.

11 years, 1 month

4
7
0 0

Structure of traffic data in burst_ind messages

by Bhaskar11

I'm experimenting with burst-ind branch and am able to track control messages in ccch_scan. I then send an Assignment Command to change to a traffic channel. I can see the bursts come in, but cannot make out the format of the data. If I understand right, the burst_ind structure holds 15 bytes of data, but the traffic data should be 33 bytes. I assume the traffic data is spread across several burst-ind messages. Can you please clarify how to re-assemble the full 33-byte traffic data structure from the burst_ind messages? Thanks. B.

11 years, 2 months

3
13
0 0

Hardware replacement for uplink sniffing

by Roddy Ernest

Hello, I know that there is a hardware replacement kit that is available for Osmocombb phones that help make the phones be used as uplink sniffers, but unfortunately the kit uses components that operate in the European GSM bands. Are there any hardware replacement kits for Osmocombb phones that operate in the U.S. GSM frequency bands? Sincerely, Roderick Ernest

11 years, 2 months

2
1
0 0

Decoding AMR

by Bhaskar11

I've been experimenting with decoding AMR in burst_ind with the following steps: 1. Ignore SACCH and UL frames 2. check for FACCH 3. check for CMI/CMR (only on specific frame numbers) and change codec if necessary after 12 frames 4. check for RATSCCH, if necessary change codec after 12 frames Can anyone confirm that this is the proper process? I've looked at Bob's code of July 2012. It does not use the above checks which may be the reason for its failure. B. ===================== From: bob <avwiseav <at> gmail.com> Subject: is my patch for capturing TCH frame correctly?<http://news.gmane.org/find-root.php?message_id=%3c1342688308441%2d4025199.p…> Newsgroups: gmane.comp.mobile.osmocom.baseband.devel<http://news.gmane.org/gmane.comp.mobile.osmocom.baseband.devel> Date: 2012-07-19 08:58:28 GMT (27 weeks, 6 days, 20 hours and 14 minutes ago) Hi, everyone interesting the topic, this is my latest patch for TCH decode, fix few bug; but it not work well for TCH AMR decode, welcome everyone interesting it to review it and modify it! the most problem now I think is the capture of the Correct TCH frame, at the last ,there is some output for analysis --- app_ccch_scan.c 2012-03-14 16:08:11.305112000 +0800 +++ new_app_ccch_scan.c 2012-07-19 15:32:31.945314000 +0800 <at> <at> -50,20 +50,80 <at> <at> #include <l1ctl_proto.h> #include <osmocom/bb/misc/xcch.h> +#include <codec.h> +#include "conv_tch_afs.h" +//#include "../openbtsstuff/GSML1FEC.h" +//extern bool TCHFACCHL1Decoder::processBurst( const RxBurst& inBurst); +//const struct osmo_conv_code conv_tch_afs_12_2; +extern FILE *log_tmsi; extern struct gsmtap_inst *gsmtap_inst; +FILE *d_speech_file; +const unsigned char amr_nb_magic[6] = { 0x23, 0x21, 0x41, 0x4d, 0x52, 0x0a }; +

11 years, 2 months

1
0
0 0

Help with JTAG

by teslarode＠yahoo.com

Hello, I've found a very interesting article about SciphoneDream G2 published on your webpage at http://bb.osmocom.org/trac/wiki/SciphoneDreamG2 that covers pretty detailed information about MT6235 SoC, bootstrapping as well as JTAG. This is the only article I have ever found on internet about MTK SoC and JTAG. What I am trying to accomplish is to access NAND flash and write to it over JTAG (in order to recover from corruption after bad flash) on MTK8555 SoC which according to my in-depth research and analysis has very similar architecture to MT6235. If I can't write to NAND over JTAG but would be able to launch u-boot that would be a solution too. I am very good at ARM assembly and debugging, however I am not very experienced with JTAG. Do you think you (or anyone else) could help me out, by giving me guidance what hardware, software, config files should I use to make JTAG work on this SoC ? Any help or advise would be more then appreciated! If you are a wrong person I contacted, I apologize for the inconvenience. Many thanks in advance! Dwayne

11 years, 2 months

2
1
0 0

Mistake in gsm_04_08.h channel mode definition

by Bhaskar11

In enum gsm48_chan_mode definitions we have: GSM48_CMODE_DATA_3k6 = 0x23, It should be 0x13 as in 3GPP TS 04.08 / 10.5.2.6. Please update in repository.

11 years, 2 months

2
1
0 0

thanks for osmocom, my goals, available to test c139 & c115

by Craig Comstock

Hi, I have bought two phones... Motorola C139 and Motorola C115. I'm using the raspberry PI UART instead of a dedicated cable and got the hello world example working just fine on the C115. My goal is to have a usable open source phone which I see there is a bit of a start at in the source code. I've been working on getting debian on my Motorola Defy for a while and am making some progress. Since I have two phones... I am certainly willing to help in testing things. I can't promise a lot of time but I can hope to help a little. Thanks for your efforts, Craig Comstock Lawrence, KS

11 years, 2 months

2
1
0 0

another method for filter rework

by Akib Sayyed

Dear sylvain I checked on your website you gave some other way of doing filter rework. I checked tried to check problem n checked possible shorts. but multi meter shows all part are shorted. also checked each components but it shows that there is direct connection in between all points of baluns. i would like to try other way for same -- Akib Sayyed Matrix-Shell akibsayyed(a)gmail.com akibsayyed(a)matrixshell.com Mob:- +91-966-514-2243

11 years, 2 months

2
3
0 0

Dumping DSP

by Akib Sayyed

Dear list i see there is target_dsp firmware. as per readme found inside it dumps dsp data on console. but i am unable to compile. it needs tic54x-coff but couldnt find it. can any one guide me through this. -- Akib Sayyed Matrix-Shell akibsayyed(a)gmail.com akibsayyed(a)matrixshell.com Mob:- +91-966-514-2243

11 years, 2 months

1
0
0 0

Implementing AMR Codec for Mobile App

by Akib Sayyed

Dear All Currently i am trying to implement AMR codec for Mobile App. Please guide me for same. I am not that good in channel decoding. if anyone have given a try or have partial code implementation please help me in that. -- Akib Sayyed Matrix-Shell akibsayyed(a)gmail.com akibsayyed(a)matrixshell.com Mob:- +91-966-514-2243

11 years, 2 months

2
4
0 0

Some beginner questions and comments

by Klaus Darilion

Hi! First I do not know if this is the proper mailing lists, as I am not a developer but a user. But I couldn't find a user list. So please advice if there is a better list. I started playing with Osmocom and my "brand new" C118 :-) and meanwhile I made my first open source GSM phone call. Following is my list of questions and suggestions I experienced so far: - Build System: since the "Use the system wide libosmocore for host applications" commit it is required that libosmocore is built separately. But the documentation is still confusing. Thus I think it would be good to: - remove the libosmocore subtree git from osmocom-bb git - remove this line of text from http://bb.osmocom.org/trac/wiki/libosmocore: "When you download and build OsmocomBB, then libosmocore is automatically part of the package, no special action is required." - osmocom: some wiki pages refer to an "osmocom" application. Is there an osmocom binary? (I think most times it is a typo for osmocon) - I use Wireshark to capture the GSMTAP packets of "monitor". How do I find out in the Wireshark trace if a message is sent from the MS or is received by the MS? - I want to study the high layer messages (e.g. not cell selection but call setup, registering to the network) but I am lost in the debug flags: DCS:DNB:DPLMN:DRR:DMM:DSIM:DCC:DMNCC:DSS:DLSMS:DPAG:DSUM. Which ones are needed in my case? Is there somewhere a description of the flags? - Some tools (e.g. cell_log) give 'SAP' log messages, e.g: Failed to connect to '/tmp/osmocom_sap'. Failed during sap_open(), no SIM reader I suspect this is for communcation with SIM cards. How it is supposed to work? - Is this 'SAP' stuff only needed/useful for softSIMs? - Which application should create the /tmp/osmocom_sap socket? (osmocon only creates /tmp/osmocom_l2 and /tmp/osmocom_loader) - Would it be possible to remove the SIM card from my C118 and put it in an external SIM reader, and then let "mobile" use the SIM card in the external reader instead? Thanks Klaus PS: I'm willing to improve the documentation in the wiki with your answers ;-)

11 years, 2 months

5
9
0 0

Need instructions

by Akib Sayyed

Dear All I need instructions for flashing c155 with custom firmware. also i need to build linker script too.what all changes need to be done in flash.lds for e88 hw. will changes in only address and size part will work ?? can any one help me ?? -- Akib Sayyed Matrix-Shell akibsayyed(a)gmail.com akibsayyed(a)matrixshell.com Mob:- +91-966-514-2243

11 years, 2 months

1
0
0 0

slow osmocom website

by Klaus Darilion

Hi! The last days I experienced the website is sometimes very slow. Requests takes up to 30 seconds to be answered by the server. http://bb.osmocom.org/ is fast, but http://bb.osmocom.org/trac/ is slow. Thus I suspect a Trac or database problem. regards Klaus

11 years, 2 months

8
11
0 0

strange crashes in current main branch

by Tim Ehlers

Hi, I already mentioned a strange behavior, sometimes when running osmocom for a few days. I think this is a different issue, because it happens more frequently and the situation is a bit different. This problem does not occur with a binary from june 2012. So it has to be some change between june and now. But now the problem: When running a phone with the main branch (only tested), it sometime come to the situation that the phone says "connection pending" and is not reacting anymore. osmocon only logs periodically this line: TOA AVG is not 16 qbits, correcting (got 15) And mobile says: <0003> gsm322.c:474 Sync to ARFCN=694(DCS) rxlev=-80 (No sysinfo yet, ccch mode NONE) <000e> gsm48_mm.c:353 Periodic location update <0005> gsm48_mm.c:355 timer T3212 (periodic loc. upd. delay) has fired <0005> gsm48_mm.c:4338 (ms 1) Received 'MM_EVENT_TIMEOUT_T3212' event in state MM IDLE, normal service <000e> gsm48_mm.c:2222 Perform location update (MCC 262, MNC 07 LAC 0x27e9) <0005> gsm48_mm.c:2356 LOCATION UPDATING REQUEST <0005> gsm48_mm.c:2378 using LAI (mcc 262 mnc 07 lac 0x27e9) <0005> gsm48_mm.c:2386 using TMSI 0xXXXXXXXX <0005> gsm48_mm.c:917 new state MM IDLE, normal service -> wait for RR connection (location updating) <0001> gsm48_rr.c:5575 (ms 1) Message 'RR_EST_REQ' received in state idle (sapi 0) <000e> gsm48_rr.c:1352 Establish radio link due to mobility management request <0003> gsm322.c:4049 (ms 1) Event 'EVENT_LEAVE_IDLE' for Cell selection in state 'C3 camped normally' <0003> gsm322.c:829 new state 'C3 camped normally' -> 'connected mode 1' <0003> gsm322.c:3665 Going to camping (normal) ARFCN 664(DCS). <0003> gsm322.c:452 Sync to ARFCN=664(DCS), but there is a sync already pending <0001> gsm48_rr.c:355 new state idle -> connection pending <0001> gsm48_rr.c:1504 CHANNEL REQUEST: 00 (Location Update no NECI) Mobile says nothing when shutting the phone off or on: OsmocomBB(ms)#shutdown OsmocomBB(ms)# OsmocomBB(ms)#no shutdown OsmocomBB(ms)# Only logs: <0005> gsm48_mm.c:4342 (ms 1) Received 'MM_EVENT_IMSI_DETACH' event in state wait for RR connection (location updating) <0005> gsm48_mm.c:1992 IMSI detach delayed. Killing and restarting mobile leads to: eeepc:~ # mobile -i 127.0.0.1 Copyright (C) 2008-2010 ... Contributions by ... License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. <000f> sim.c:1223 init SIM client <0006> gsm48_cc.c:63 init Call Control <0007> gsm480_ss.c:231 init SS <0017> gsm411_sms.c:63 init SMS <0001> gsm48_rr.c:5626 init Radio Ressource process <0005> gsm48_mm.c:1327 init Mobility Management process <0005> gsm48_mm.c:1040 Selecting PLMN SEARCH state, because no SIM. <0002> gsm322.c:5037 init PLMN process <0003> gsm322.c:5038 init Cell Selection process <0003> gsm322.c:5095 Read stored BA list (mcc=262 mnc=01 Germany, T-Mobile) <0003> gsm322.c:5095 Read stored BA list (mcc=262 mnc=07 Germany, O2) Mobile '1' initialized, please start phone now! VTY available on port 4247. And layer1 still logs some: TOA AVG is not 16 qbits, correcting (got 15) TOA AVG is not 16 qbits, correcting (got 15) TOA AVG is not 16 qbits, correcting (got 15) Has anybody a clue how this could happen from time to time? Cheers Tim

11 years, 2 months

1
1
0 0

What's the difference between the hello_world.e88flash.bin and hello_world.compalram.bin

by qiuhan1989

As said in the topic, I don't know what is the difference between the two .bin file. And when I try the osmocon app, only the hello_world.compalram.bin works, why? Thanks in advance. -- View this message in context: http://baseband-devel.722152.n3.nabble.com/What-s-the-difference-between-th… Sent from the baseband-devel mailing list archive at Nabble.com.

11 years, 2 months

3
3
0 0

sylvain/testing: apps/trx/trx.c: inttypes.h:No such file or directory

by Erich Dachleger

Hi list, Yesterday when I tried to to make a new build of sylvain/testing I encountered following errors when running make(and also when running make HOST_layer23_CONFARGS=--enable-transceiver): -------------------------------------- make -C target/firmware CROSS_COMPILE=arm-elf- make[1]: Entering directory `/root/osmocom-bb/src/target/firmware' apps/trx/trx.c:22:22: inttypes.h: No such file or directory make[1]: Leaving directory `/root/osmocom-bb/src/target/firmware' make[1]: Entering directory `/root/osmocom-bb/src/target/firmware' apps/trx/trx.c:22:22: inttypes.h: No such file or directory make[1]: *** No rule to make target `apps/trx/trx.p', needed by `all'. Stop. make[1]: Leaving directory `/root/osmocom-bb/src/target/firmware' make: *** [firmware] Error 2 ------------------------------------------- Master branch builds fine on backtrack 5 r2 and so did also Sylvain/testing earlier. Searching mailing-list gives some info that removing inttypes.h can be done as that "is taken care of by upstrean libosmocore".However I have read that inntypes.h should exist. I tested and removed inttypes.h in trx/trx.c. Recompiling gives an error message about parse error before debug-message PRIu32 on line 69 in trx/trx.c. Commenting out that line makes it build, but as info obtained earlier I now guess I have also removed some key-functionality and my approach is wrong? Further searching gave some unclear/vague(mostly for other situations) hints that the line #include <inttypes.h> could be replaced by: #ifdef HAVE_STDINT_H #include <stdint.h> #else #include <include <inttypes.h> #endif I tested replacing #include <inttypes.h> by the abovein trx.c also but it didn't work. Any ideas or hints what migh be wrong? Enclosed is the full build-error-log from running without making any changes to inttypes.h. Regards erich

11 years, 2 months

2
4
0 0

Jan 23, 8pm / Osmocom Berlin User Group meeting

by Harald Welte

Hi all! This is the announcement for the latest incarnation of our bi-weekly Osmocom Berlin meeting. January 23, 8pm @ CCC Berlin, Marienstr. 11, 10113 Berlin There is no formal presentation scheduled for this meeting. However, we'll have a progress report + demonstration of current osmo-pcu. If you are interested to show up, feel free to do so. The meeting is free as in "free beer", despite no actual free beer being around ;) Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

11 years, 2 months

1
0
0 0

gsm450 in belgium

by g.roelant＠telenet.be

Hi, Does anyone know if gsm450 is encrypted with A5/1? and who is using gsm450 in belgium I can see signals on my ettus + external ant. there... kind regards

11 years, 2 months

3
2
0 0

Filter Modification

by Akib Sayyed

Dear List I tried to modify filter of osmocom c118 but i found that its not getting signals. loosing all signalls and showing all on 115dbm to 120dbm. what could have gone wrong ?? -- Akib Sayyed Matrix-Shell akibsayyed(a)gmail.com akibsayyed(a)matrixshell.com Mob:- +91-966-514-2243

11 years, 3 months

2
1
0 0

tranceiver support for osmo-bts

by Andreas Eversberg

hi, i would like to start implementing the trx manager interface support to osmo-bts. before going to work, i'm writing this mail, because i like to read some pros and cons for my approach. as already stated, thomas a. cooper already implemented an interface between sysmo-bts's dsp device and trx manager interface by using code from openbts, running in an own process [1]. i would like to follow a different approach by writing a scheduler and adding the udp interface for the trx(s). some benefits are in my oppinion: - not having an extra process running with additional latency and overhead - smaller code, because only a small multiframe scheduler + udp interface for the trx is required (coding scheme and forward error correction code can be used from libosmocore.) - no running after dsp's api changes, (caused by newer firmware of sysmobts) - trx specific features and limitations can be considered. (vty options for setting special features, limitations can affect oml ack/nack responses to be considered by bsc) - no use of multithreading, use of talloc. the code is easier to debug and so becomes more stable. - easy to add initial support for BCCH(+SDCCH4), SDCCH8, TCH/F, TCH/H, PDCH (gprs) for a whide range of applications. comments are welcome. regards, andreas [1] http://scholar.lib.vt.edu/theses/available/etd-05082012-141540/unrestricted…

11 years, 3 months

3
4
0 0

drawing of state machines

by Andreas Eversberg

hi, while reading about SMS state machines, i found some drawings that are not in the specs, but quite useful to understand some processes. they are: - MM idle process (MS side) - additions to CC (MS side) - SMC process (MS and network side) see http://home.eversberg.eu/gsm they might be useful and so i think they should be placed in the wiki. i would suggest to put them to OsmocomBB wiki in the "GSM Documentation" section. but i don't know if it is ok to publish the CC process, because it contains a scan of the original spec. any suggestions? regards, andreas

11 years, 3 months

5
8
0 0

[PATCH] Improve hex parser

by ☎

Hello. Current implementation of osmo_hexparse have couple of limitations (which are undocumented btw): * it refuses to parse odd-length numbers (e. g. 7abdf) * it fails while parsing 0x prefix (e. g. 0xdead) Both could be worked around by upper-layer code of course but since both cases above are perfectly valid hexadecimal numbers I think they should be handled by osmo_hexparse internally without complicating life of library users. Attached patch does just that. Please review and merge if it feels OK. -- best regards, Max, http://fairwaves.ru

11 years, 3 months

3
6
0 0

osmocombb: TS 3 -> TS failed

by jolly

hi, i just encountered the following problem: the network assigns me from TS 1 to TS 3 it worked, but not when it did another assigment from TS 3 to TS4. i just got noise instead of valid SACCH frames. TS Chg forth: 1 -> 3 | 1856 ... TS Chg forth: 3 -> 4 | 1875 this is the wireshark trace of both assignments. they only differ in the assigned slot: Frame 3225: 81 bytes on wire (648 bits), 81 bytes captured (648 bits) Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1) User Datagram Protocol, Src Port: 52261 (52261), Dst Port: gsmtap (4729) GSM TAP Header, ARFCN: 34 (Downlink), TS: 1, Channel: SDCCH/8 (0) Link Access Procedure, Channel Dm (LAPDm) GSM A-I/F DTAP - Assignment Command Protocol Discriminator: Radio Resources Management messages DTAP Radio Resources Management Message Type: Assignment Command (0x2e) Channel Description 2 - Description of the First Channel, after time 0000 1... = TCH/F + FACCH/F and SACCH/F .... .011 = Timeslot: 3 000. .... = Training Sequence: 0 ...1 .... = Hopping channel: Yes Hopping channel: MAIO 0 Hopping channel: HSN 0 Power Command 0... .... = Spare: 0 .0.. .... = EPC_mode: Channel(s) not in EPC mode ..0. .... = FPC_EPC: FPC not in use/C not in use for uplink power control ...0 0101 = POWER LEVEL: 5 Frequency List - Frequency List, after time Element ID: 5 Length: 16 00.. 000. = Format Identifier: bit map 0 (0x00) List of ARFCNs = 99 34 Channel Mode - Mode of the First Channel(Channel Set 1) Element ID: 99 Channel Mode: speech full rate or half rate version 2(GSM EFR) (33) No. Time Source Destination Protocol Info 3243 464.672890 127.0.0.1 127.0.0.1 LAPDm I, N(R)=1, N(S)=2(DTAP) (RR) Assignment Command Frame 3243: 81 bytes on wire (648 bits), 81 bytes captured (648 bits) Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1) User Datagram Protocol, Src Port: 52261 (52261), Dst Port: gsmtap (4729) GSM TAP Header, ARFCN: 99 (Downlink), TS: 3, Channel: FACCH/F (0) Link Access Procedure, Channel Dm (LAPDm) GSM A-I/F DTAP - Assignment Command Protocol Discriminator: Radio Resources Management messages DTAP Radio Resources Management Message Type: Assignment Command (0x2e) Channel Description 2 - Description of the First Channel, after time 0000 1... = TCH/F + FACCH/F and SACCH/F .... .100 = Timeslot: 4 000. .... = Training Sequence: 0 ...1 .... = Hopping channel: Yes Hopping channel: MAIO 0 Hopping channel: HSN 0 Power Command 0... .... = Spare: 0 .0.. .... = EPC_mode: Channel(s) not in EPC mode ..0. .... = FPC_EPC: FPC not in use/C not in use for uplink power control ...0 0101 = POWER LEVEL: 5 Frequency List - Frequency List, after time Element ID: 5 Length: 16 00.. 000. = Format Identifier: bit map 0 (0x00) List of ARFCNs = 99 34 Channel Mode - Mode of the First Channel(Channel Set 1) Element ID: 99 Channel Mode: speech full rate or half rate version 2(GSM EFR) (33) any idea why this does not work? i used the "[WIP] Ugly hack to compensate lost time on TS change (high TS -> low TS)" path. regards, andreas

11 years, 3 months

3
2
0 0

[PATCH] Improve hex parser robustness.

by Max

--- src/utils.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/src/utils.c b/src/utils.c index c36979c..525bff1 100644 --- a/src/utils.c +++ b/src/utils.c @@ -73,7 +73,7 @@ uint8_t osmo_char2bcd(char c) return c - 0x30; } -/*! \brief Parse a string ocntaining hexadecimal digits +/*! \brief Parse a string ocntaining hexadecimal digits, optionally prefixed with 0x * \param[in] str string containing ASCII encoded hexadecimal digits * \param[out] b output buffer * \param[in] max_len maximum space in output buffer @@ -81,10 +81,28 @@ uint8_t osmo_char2bcd(char c) int osmo_hexparse(const char *str, uint8_t *b, int max_len) { - int i, l, v; + int v; + size_t i, l = strlen(str); + + if (l > 2) { /* remove 0x prefix if any */ + if ('0' == str[0] && 'x' == str[1]) { + l -= 2; + str += 2; + } + } + + if (l & 1) i = l + 1; + else i = l; + char hs[i]; /* enough space to store additional leading 0 if str length is odd */ + + if (l & 1) { + memcpy(hs + 1, str, l); + hs[0] = '0'; + } else { + memcpy(hs, str, l); + } - l = strlen(str); - if ((l&1) || ((l>>1) > max_len)) + if ((l>>1) > max_len) return -1; memset(b, 0x00, max_len); -- 1.7.10.4 --------------040904080202060501050607--

11 years, 3 months

1
0
0 0

[PATCH] Improve hex parser robustness.

by Max

--- include/osmocom/core/utils.h | 2 ++ src/utils.c | 48 ++++++++++++++++++++++++++++++++++++------ 2 files changed, 44 insertions(+), 6 deletions(-) diff --git a/include/osmocom/core/utils.h b/include/osmocom/core/utils.h index 03861d7..05cb2a4 100644 --- a/include/osmocom/core/utils.h +++ b/include/osmocom/core/utils.h @@ -15,6 +15,7 @@ #define OSMO_MIN(a, b) ((a) >= (b) ? (b) : (a)) #include <stdint.h> +#include <stdbool.h> /*! \brief A mapping between human-readable string and numeric value */ struct value_string { @@ -30,6 +31,7 @@ char osmo_bcd2char(uint8_t bcd); /* only works for numbers in ascci */ uint8_t osmo_char2bcd(char c); +int osmo_hexparse_adv(const char *str, uint8_t *b, int max_len, bool allow_odd); int osmo_hexparse(const char *str, uint8_t *b, int max_len); char *osmo_ubit_dump(const uint8_t *bits, unsigned int len); diff --git a/src/utils.c b/src/utils.c index c36979c..8c1849e 100644 --- a/src/utils.c +++ b/src/utils.c @@ -3,7 +3,7 @@ #include <stdint.h> #include <errno.h> #include <stdio.h> - +#include <stdbool.h> #include <osmocom/core/utils.h> /*! \addtogroup utils @@ -73,24 +73,60 @@ uint8_t osmo_char2bcd(char c) return c - 0x30; } -/*! \brief Parse a string ocntaining hexadecimal digits +/*! \brief Parse a string ocntaining hexadecimal digits, optionally prefixed with 0x * \param[in] str string containing ASCII encoded hexadecimal digits * \param[out] b output buffer * \param[in] max_len maximum space in output buffer */ int osmo_hexparse(const char *str, uint8_t *b, int max_len) +{ + return osmo_hexparse_adv(str, b, max_len, false); +} +/*! \brief Parse a string ocntaining hexadecimal digits, optionally prefixed with 0x + * \param[in] str string containing ASCII encoded hexadecimal digits + * \param[out] b output buffer + * \param[in] max_len maximum space in output buffer + * \param[in] allow_odd allow odd length (prefix with 0 on the left side) + */ +int osmo_hexparse_adv(const char *str, uint8_t *b, int max_len, bool allow_odd) { - int i, l, v; + int v; + size_t i, l = strlen(str); + const char * src; + + if (l > 2) { /* remove 0x prefix if any */ + if ('0' == str[0] && 'x' == str[1]) { + l -= 2; + str += 2; + } + } + + if (allow_odd) { + if (l & 1) i = l + 1; + else i = l; + char hs[i]; /* enough space to store additional leading 0 if str length is odd */ + + if (l & 1) { + memcpy(hs + 1, str, l); + hs[0] = '0'; + } else { + memcpy(hs, str, l); + } + src = hs; + } else { + if (l & 1) + return -1; + src = str; + } - l = strlen(str); - if ((l&1) || ((l>>1) > max_len)) + if ((l>>1) > max_len) return -1; memset(b, 0x00, max_len); for (i=0; i<l; i++) { - char c = str[i]; + char c = src[i]; if (c >= '0' && c <= '9') v = c - '0'; else if (c >= 'a' && c <= 'f') -- 1.7.10.4 --------------070900070504060905060402--

11 years, 3 months

1
0
0 0

[PATCH] Improve hex parser robustness.

by Max

--- .gitignore | 1 + include/osmocom/core/utils.h | 5 ++++ src/utils.c | 68 ++++++++++++++++++++++++++++++++---------- tests/Makefile.am | 7 +++-- tests/hex/hex_test.c | 52 ++++++++++++++++++++++++++++++++ tests/hex/hex_test.ok | 18 +++++++++++ tests/testsuite.at | 6 ++++ 7 files changed, 140 insertions(+), 17 deletions(-) create mode 100644 tests/hex/hex_test.c create mode 100644 tests/hex/hex_test.ok diff --git a/.gitignore b/.gitignore index ac19b23..67d9196 100644 --- a/.gitignore +++ b/.gitignore @@ -58,6 +58,7 @@ tests/sms/sms_test tests/timer/timer_test tests/msgfile/msgfile_test tests/ussd/ussd_test +tests/hex/hex_test tests/smscb/smscb_test tests/bits/bitrev_test tests/a5/a5_test diff --git a/include/osmocom/core/utils.h b/include/osmocom/core/utils.h index 03861d7..5250094 100644 --- a/include/osmocom/core/utils.h +++ b/include/osmocom/core/utils.h @@ -30,6 +30,11 @@ char osmo_bcd2char(uint8_t bcd); /* only works for numbers in ascci */ uint8_t osmo_char2bcd(char c); +enum hex_len_policy { /* define how to deal with odd length during hex string parsing */ + HEX_ODD_NONE, HEX_ODD_LEFT, HEX_ODD_RIGHT +}; + +int osmo_hexparse_ext(const char *str, uint8_t *b, int max_len, enum hex_len_policy pol); int osmo_hexparse(const char *str, uint8_t *b, int max_len); char *osmo_ubit_dump(const uint8_t *bits, unsigned int len); diff --git a/src/utils.c b/src/utils.c index c36979c..cd11618 100644 --- a/src/utils.c +++ b/src/utils.c @@ -73,36 +73,74 @@ uint8_t osmo_char2bcd(char c) return c - 0x30; } -/*! \brief Parse a string ocntaining hexadecimal digits +/*! \brief Parse a string ocntaining hexadecimal digits, optionally prefixed with 0x * \param[in] str string containing ASCII encoded hexadecimal digits * \param[out] b output buffer * \param[in] max_len maximum space in output buffer */ int osmo_hexparse(const char *str, uint8_t *b, int max_len) +{ + return osmo_hexparse_ext(str, b, max_len, HEX_ODD_NONE); +} +inline int _osmo_hexval(char c) { - int i, l, v; + if (c >= '0' && c <= '9') + return c - '0'; + if (c >= 'a' && c <= 'f') + return 10 + (c - 'a'); + if (c >= 'A' && c <= 'F') + return 10 + (c - 'A'); + return -1; +} - l = strlen(str); - if ((l&1) || ((l>>1) > max_len)) +/*! \brief Parse a string ocntaining hexadecimal digits, optionally prefixed with 0x + * \param[in] str string containing ASCII encoded hexadecimal digits + * \param[out] b output buffer + * \param[in] max_len maximum space in output buffer + * \param[in] pol defines how to treat odd length case + */ +int osmo_hexparse_ext(const char *str, uint8_t *b, int max_len, enum hex_len_policy pol) +{ + int v; + size_t i, left_adj = 0, right_adj = 0, l = strlen(str); + const char * src; + + if (l > 2) { /* remove 0x prefix if any */ + if (!strncmp(str, "0x", 2)) { + l -= 2; + str += 2; + } + } + + if (l & 1) { + switch (pol) { + case HEX_ODD_LEFT: + left_adj = 1; + break; + case HEX_ODD_NONE: + return -1; + case HEX_ODD_RIGHT: + right_adj = 1; + break; + default: + return -1; + } + } + /* left_adj and right_adj are mutually exclusive so left_adj + right_adj is either 1 or 0 */ + if ((l>>1) > max_len + left_adj + right_adj) return -1; - memset(b, 0x00, max_len); + memset(b, 0x00, max_len + left_adj + right_adj); for (i=0; i<l; i++) { - char c = str[i]; - if (c >= '0' && c <= '9') - v = c - '0'; - else if (c >= 'a' && c <= 'f') - v = 10 + (c - 'a'); - else if (c >= 'A' && c <= 'F') - v = 10 + (c - 'A'); - else + v = _osmo_hexval(str[i]); + if (-1 == v) return -1; - b[i>>1] |= v << (i&1 ? 0 : 4); + b[(i + left_adj) >> 1] |= v << ( (i + left_adj) & 1 ? 0 : 4); } - return i>>1; + return (l + left_adj + right_adj)/2; } static char hexd_buff[4096]; diff --git a/tests/Makefile.am b/tests/Makefile.am index b60f675..fbefab1 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -4,7 +4,7 @@ check_PROGRAMS = timer/timer_test sms/sms_test ussd/ussd_test \ smscb/smscb_test bits/bitrev_test a5/a5_test \ conv/conv_test auth/milenage_test lapd/lapd_test \ gsm0808/gsm0808_test gsm0408/gsm0408_test \ - gb/bssgp_fc_test logging/logging_test + gb/bssgp_fc_test hex/hex_test logging/logging_test if ENABLE_MSGFILE check_PROGRAMS += msgfile/msgfile_test endif @@ -21,6 +21,9 @@ bits_bitrev_test_LDADD = $(top_builddir)/src/libosmocore.la conv_conv_test_SOURCES = conv/conv_test.c conv_conv_test_LDADD = $(top_builddir)/src/libosmocore.la +hex_hex_test_SOURCES = hex/hex_test.c +hex_hex_test_LDADD = $(top_builddir)/src/libosmocore.la + gsm0808_gsm0808_test_SOURCES = gsm0808/gsm0808_test.c gsm0808_gsm0808_test_LDADD = $(top_builddir)/src/libosmocore.la $(top_builddir)/src/gsm/libosmogsm.la @@ -77,7 +80,7 @@ EXTRA_DIST = testsuite.at $(srcdir)/package.m4 $(TESTSUITE) \ gsm0808/gsm0808_test.ok gb/bssgp_fc_tests.err \ gb/bssgp_fc_tests.ok gb/bssgp_fc_tests.sh \ msgfile/msgfile_test.ok msgfile/msgconfig.cfg \ - logging/logging_test.ok logging/logging_test.err + logging/logging_test.ok hex/hex_test.ok logging/logging_test.err DISTCLEANFILES = atconfig diff --git a/tests/hex/hex_test.c b/tests/hex/hex_test.c new file mode 100644 index 0000000..fa85065 --- /dev/null +++ b/tests/hex/hex_test.c @@ -0,0 +1,52 @@ +#include <stdio.h> +#include <stdlib.h> +#include <time.h> + +#include <osmocom/core/utils.h> + +/* ------------------------------------------------------------------------ */ +/* Test vectors */ +/* ------------------------------------------------------------------------ */ + +char * long_rand_x = "0xa63c3b465eb79b3e06ae66eb816eace"; +char * long_rand = "39ea2e536e6a2c0d3e59110df20e4bf"; +char * small_even_x = "0xDEAD"; +char * small_even = "FACE"; +char * small_odd_x = "0xFFACE"; +char * small_odd = "bee"; + +/* ------------------------------------------------------------------------ */ +/* Main */ +/* ------------------------------------------------------------------------ */ + +inline void _run_tests(char * vec, size_t len) +{ + uint8_t test[len]; + + int parsed = osmo_hexparse_ext(vec, test, len, HEX_ODD_NONE); + printf("NONE parsed %s: %d", vec, parsed); + if (-1 != parsed) printf(", dumped: %s\n", osmo_hexdump_nospc(test, len)); + else printf("\n"); + + parsed = osmo_hexparse_ext(vec, test, len, HEX_ODD_LEFT); + printf("LEFT parsed %s: %d", vec, parsed); + if (-1 != parsed) printf(", dumped: %s\n", osmo_hexdump_nospc(test, len)); + else printf("\n"); + + parsed = osmo_hexparse_ext(vec, test, len, HEX_ODD_RIGHT); + printf("RIGHT parsed %s: %d", vec, parsed); + if (-1 != parsed) printf(", dumped: %s\n", osmo_hexdump_nospc(test, len)); + else printf("\n"); +} + +int main(int argc, char argv[]) +{ + _run_tests(long_rand_x, 16); + _run_tests(long_rand, 16); + _run_tests(small_even_x, 2); + _run_tests(small_even, 2); + _run_tests(small_odd_x, 3); + _run_tests(small_odd, 2); + + return 0; +} diff --git a/tests/hex/hex_test.ok b/tests/hex/hex_test.ok new file mode 100644 index 0000000..1419b8c --- /dev/null +++ b/tests/hex/hex_test.ok @@ -0,0 +1,18 @@ +NONE parsed 0xa63c3b465eb79b3e06ae66eb816eace: -1 +LEFT parsed 0xa63c3b465eb79b3e06ae66eb816eace: 16, dumped: 0a63c3b465eb79b3e06ae66eb816eace +RIGHT parsed 0xa63c3b465eb79b3e06ae66eb816eace: 16, dumped: a63c3b465eb79b3e06ae66eb816eace0 +NONE parsed 39ea2e536e6a2c0d3e59110df20e4bf: -1 +LEFT parsed 39ea2e536e6a2c0d3e59110df20e4bf: 16, dumped: 039ea2e536e6a2c0d3e59110df20e4bf +RIGHT parsed 39ea2e536e6a2c0d3e59110df20e4bf: 16, dumped: 39ea2e536e6a2c0d3e59110df20e4bf0 +NONE parsed 0xDEAD: 2, dumped: dead +LEFT parsed 0xDEAD: 2, dumped: dead +RIGHT parsed 0xDEAD: 2, dumped: dead +NONE parsed FACE: 2, dumped: face +LEFT parsed FACE: 2, dumped: face +RIGHT parsed FACE: 2, dumped: face +NONE parsed 0xFFACE: -1 +LEFT parsed 0xFFACE: 3, dumped: 0fface +RIGHT parsed 0xFFACE: 3, dumped: fface0 +NONE parsed bee: -1 +LEFT parsed bee: 2, dumped: 0bee +RIGHT parsed bee: 2, dumped: bee0 diff --git a/tests/testsuite.at b/tests/testsuite.at index 1cfae03..cfbcf78 100644 --- a/tests/testsuite.at +++ b/tests/testsuite.at @@ -28,6 +28,12 @@ cat $abs_srcdir/conv/conv_test.ok > expout AT_CHECK([$abs_top_builddir/tests/conv/conv_test], [], [expout]) AT_CLEANUP +AT_SETUP([hex]) +AT_KEYWORDS([hex]) +cat $abs_srcdir/hex/hex_test.ok > expout +AT_CHECK([$abs_top_builddir/tests/hex/hex_test], [], [expout]) +AT_CLEANUP + if ENABLE_MSGFILE AT_SETUP([msgfile]) AT_KEYWORDS([msgfile]) -- 1.7.10.4 --------------040406000709000102010704--

11 years, 3 months

1
0
0 0

[PATCH] Improve hex parser robustness.

by Max

--- .gitignore | 1 + include/osmocom/core/utils.h | 5 ++++ src/utils.c | 68 ++++++++++++++++++++++++++++++++---------- tests/Makefile.am | 7 +++-- tests/hex/hex_test.c | 57 +++++++++++++++++++++++++++++++++++ tests/hex/hex_test.ok | 18 +++++++++++ tests/testsuite.at | 6 ++++ 7 files changed, 145 insertions(+), 17 deletions(-) create mode 100644 tests/hex/hex_test.c create mode 100644 tests/hex/hex_test.ok diff --git a/.gitignore b/.gitignore index ac19b23..67d9196 100644 --- a/.gitignore +++ b/.gitignore @@ -58,6 +58,7 @@ tests/sms/sms_test tests/timer/timer_test tests/msgfile/msgfile_test tests/ussd/ussd_test +tests/hex/hex_test tests/smscb/smscb_test tests/bits/bitrev_test tests/a5/a5_test diff --git a/include/osmocom/core/utils.h b/include/osmocom/core/utils.h index 03861d7..5250094 100644 --- a/include/osmocom/core/utils.h +++ b/include/osmocom/core/utils.h @@ -30,6 +30,11 @@ char osmo_bcd2char(uint8_t bcd); /* only works for numbers in ascci */ uint8_t osmo_char2bcd(char c); +enum hex_len_policy { /* define how to deal with odd length during hex string parsing */ + HEX_ODD_NONE, HEX_ODD_LEFT, HEX_ODD_RIGHT +}; + +int osmo_hexparse_ext(const char *str, uint8_t *b, int max_len, enum hex_len_policy pol); int osmo_hexparse(const char *str, uint8_t *b, int max_len); char *osmo_ubit_dump(const uint8_t *bits, unsigned int len); diff --git a/src/utils.c b/src/utils.c index c36979c..a93d72c 100644 --- a/src/utils.c +++ b/src/utils.c @@ -73,36 +73,74 @@ uint8_t osmo_char2bcd(char c) return c - 0x30; } -/*! \brief Parse a string ocntaining hexadecimal digits +/*! \brief Parse a string ocntaining hexadecimal digits, optionally prefixed with 0x * \param[in] str string containing ASCII encoded hexadecimal digits * \param[out] b output buffer * \param[in] max_len maximum space in output buffer */ int osmo_hexparse(const char *str, uint8_t *b, int max_len) +{ + return osmo_hexparse_ext(str, b, max_len, HEX_ODD_NONE); +} +static inline int _osmo_hexval(char c) { - int i, l, v; + if (c >= '0' && c <= '9') + return c - '0'; + if (c >= 'a' && c <= 'f') + return 10 + (c - 'a'); + if (c >= 'A' && c <= 'F') + return 10 + (c - 'A'); + return -1; +} - l = strlen(str); - if ((l&1) || ((l>>1) > max_len)) +/*! \brief Parse a string ocntaining hexadecimal digits, optionally prefixed with 0x + * \param[in] str string containing ASCII encoded hexadecimal digits + * \param[out] b output buffer + * \param[in] max_len maximum space in output buffer + * \param[in] pol defines how to treat odd length case + */ +int osmo_hexparse_ext(const char *str, uint8_t *b, int max_len, enum hex_len_policy pol) +{ + int v; + size_t i, left_adj = 0, right_adj = 0, l = strlen(str); + const char *src; + + if (l > 2) { /* remove 0x prefix if any */ + if (!strncmp(str, "0x", 2)) { + l -= 2; + str += 2; + } + } + + if (l & 1) { + switch (pol) { + case HEX_ODD_LEFT: + left_adj = 1; + break; + case HEX_ODD_NONE: + return -1; + case HEX_ODD_RIGHT: + right_adj = 1; + break; + default: + return -1; + } + } +/* left_adj and right_adj are mutually exclusive so left_adj + right_adj is either 1 or 0 */ + if ((l>>1) + left_adj + right_adj > max_len) return -1; memset(b, 0x00, max_len); - for (i=0; i<l; i++) { - char c = str[i]; - if (c >= '0' && c <= '9') - v = c - '0'; - else if (c >= 'a' && c <= 'f') - v = 10 + (c - 'a'); - else if (c >= 'A' && c <= 'F') - v = 10 + (c - 'A'); - else + for (i = 0; i < l; i++) { + v = _osmo_hexval(str[i]); + if (-1 == v) return -1; - b[i>>1] |= v << (i&1 ? 0 : 4); + b[(i + left_adj) >> 1] |= v << ((i + left_adj) & 1 ? 0 : 4); } - return i>>1; + return (l + left_adj + right_adj)/2; } static char hexd_buff[4096]; diff --git a/tests/Makefile.am b/tests/Makefile.am index b60f675..fbefab1 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -4,7 +4,7 @@ check_PROGRAMS = timer/timer_test sms/sms_test ussd/ussd_test \ smscb/smscb_test bits/bitrev_test a5/a5_test \ conv/conv_test auth/milenage_test lapd/lapd_test \ gsm0808/gsm0808_test gsm0408/gsm0408_test \ - gb/bssgp_fc_test logging/logging_test + gb/bssgp_fc_test hex/hex_test logging/logging_test if ENABLE_MSGFILE check_PROGRAMS += msgfile/msgfile_test endif @@ -21,6 +21,9 @@ bits_bitrev_test_LDADD = $(top_builddir)/src/libosmocore.la conv_conv_test_SOURCES = conv/conv_test.c conv_conv_test_LDADD = $(top_builddir)/src/libosmocore.la +hex_hex_test_SOURCES = hex/hex_test.c +hex_hex_test_LDADD = $(top_builddir)/src/libosmocore.la + gsm0808_gsm0808_test_SOURCES = gsm0808/gsm0808_test.c gsm0808_gsm0808_test_LDADD = $(top_builddir)/src/libosmocore.la $(top_builddir)/src/gsm/libosmogsm.la @@ -77,7 +80,7 @@ EXTRA_DIST = testsuite.at $(srcdir)/package.m4 $(TESTSUITE) \ gsm0808/gsm0808_test.ok gb/bssgp_fc_tests.err \ gb/bssgp_fc_tests.ok gb/bssgp_fc_tests.sh \ msgfile/msgfile_test.ok msgfile/msgconfig.cfg \ - logging/logging_test.ok logging/logging_test.err + logging/logging_test.ok hex/hex_test.ok logging/logging_test.err DISTCLEANFILES = atconfig diff --git a/tests/hex/hex_test.c b/tests/hex/hex_test.c new file mode 100644 index 0000000..5c060c4 --- /dev/null +++ b/tests/hex/hex_test.c @@ -0,0 +1,57 @@ +#include <stdio.h> +#include <stdlib.h> +#include <time.h> + +#include <osmocom/core/utils.h> + +/* ------------------------------------------------------------------------ */ +/* Test vectors */ +/* ------------------------------------------------------------------------ */ + +char * long_rand_x = "0xa63c3b465eb79b3e06ae66eb816eace"; +char * long_rand = "39ea2e536e6a2c0d3e59110df20e4bf"; +char * small_even_x = "0xDEAD"; +char * small_even = "FACE"; +char * small_odd_x = "0xFFACE"; +char * small_odd = "bee"; + +/* ------------------------------------------------------------------------ */ +/* Main */ +/* ------------------------------------------------------------------------ */ + +inline void _single_test(char * vec, size_t len, uint8_t * test, enum hex_len_policy pol) +{ + int r = osmo_hexparse_ext(vec, test, len, pol); + printf(" parsed %s (%u): %d", vec, len, r); + if (-1 != r) printf(", dumped: %s, check %x,%d,%d\n", osmo_hexdump_nospc(test, len), test[len - 1], test[len], test[len + 1]); + else printf("\n"); +} + +inline void _run_tests(char * vec, size_t len) +{ + uint8_t test[len + 4]; + int r; + + for (r = 0; r < len + 4; r++) test[r] = r; + + printf("NONE"); + _single_test(vec, len, test, HEX_ODD_NONE); + + printf("LEFT"); + _single_test(vec, len, test, HEX_ODD_LEFT); + + printf("RIGHT"); + _single_test(vec, len, test, HEX_ODD_RIGHT); +} + +int main(int argc, char **argv) +{ + _run_tests(long_rand_x, 16); + _run_tests(long_rand, 16); + _run_tests(small_even_x, 2); + _run_tests(small_even, 2); + _run_tests(small_odd_x, 3); + _run_tests(small_odd, 2); + + return 0; +} diff --git a/tests/hex/hex_test.ok b/tests/hex/hex_test.ok new file mode 100644 index 0000000..44e89d2 --- /dev/null +++ b/tests/hex/hex_test.ok @@ -0,0 +1,18 @@ +NONE parsed 0xa63c3b465eb79b3e06ae66eb816eace (16): -1 +LEFT parsed 0xa63c3b465eb79b3e06ae66eb816eace (16): 16, dumped: 0a63c3b465eb79b3e06ae66eb816eace, check ce,16,17 +RIGHT parsed 0xa63c3b465eb79b3e06ae66eb816eace (16): 16, dumped: a63c3b465eb79b3e06ae66eb816eace0, check e0,16,17 +NONE parsed 39ea2e536e6a2c0d3e59110df20e4bf (16): -1 +LEFT parsed 39ea2e536e6a2c0d3e59110df20e4bf (16): 16, dumped: 039ea2e536e6a2c0d3e59110df20e4bf, check bf,16,17 +RIGHT parsed 39ea2e536e6a2c0d3e59110df20e4bf (16): 16, dumped: 39ea2e536e6a2c0d3e59110df20e4bf0, check f0,16,17 +NONE parsed 0xDEAD (2): 2, dumped: dead, check ad,2,3 +LEFT parsed 0xDEAD (2): 2, dumped: dead, check ad,2,3 +RIGHT parsed 0xDEAD (2): 2, dumped: dead, check ad,2,3 +NONE parsed FACE (2): 2, dumped: face, check ce,2,3 +LEFT parsed FACE (2): 2, dumped: face, check ce,2,3 +RIGHT parsed FACE (2): 2, dumped: face, check ce,2,3 +NONE parsed 0xFFACE (3): -1 +LEFT parsed 0xFFACE (3): 3, dumped: 0fface, check ce,3,4 +RIGHT parsed 0xFFACE (3): 3, dumped: fface0, check e0,3,4 +NONE parsed bee (2): -1 +LEFT parsed bee (2): 2, dumped: 0bee, check ee,2,3 +RIGHT parsed bee (2): 2, dumped: bee0, check e0,2,3 diff --git a/tests/testsuite.at b/tests/testsuite.at index 1cfae03..cfbcf78 100644 --- a/tests/testsuite.at +++ b/tests/testsuite.at @@ -28,6 +28,12 @@ cat $abs_srcdir/conv/conv_test.ok > expout AT_CHECK([$abs_top_builddir/tests/conv/conv_test], [], [expout]) AT_CLEANUP +AT_SETUP([hex]) +AT_KEYWORDS([hex]) +cat $abs_srcdir/hex/hex_test.ok > expout +AT_CHECK([$abs_top_builddir/tests/hex/hex_test], [], [expout]) +AT_CLEANUP + if ENABLE_MSGFILE AT_SETUP([msgfile]) AT_KEYWORDS([msgfile]) -- 1.7.10.4 --------------080702070805090503080203--

11 years, 3 months

1
0
0 0

sylvains talk from 29c3

by Vic Delorge

Speaker: Sylvain Munaut or how to turn a phone into a BTS The calypso baseband and its companion chips are used on the Motorola C123 among other and are now well known for being supported by the Osmocom-BB open source GSM baseband implementation. A couple years ago, it was hacked a little further by using it as a raw bits capture device allowing the interception of GSM traffic very cheaply. This talk will present some further work on that platform, showing that just because a device wasn't design for a given task doesn't mean it can't do it. More specifically how you can hack this phone to act as a GSM basestation and broadcast your own network. http://youtu.be/xFjVcxMpA6c

11 years, 3 months

3
3
0 0

calypso-talk 29c3

by Erich Dachleger

Hi list, I saw the interesting talk about turning the osmocombb-phone into a proof of concept bts using openbts. During the talk:When OpenBts was configured(before using sipauthserve) was it the option --with-uhd (as is for umtrx )that was used? Does anybody know when the code will be released? [I built sylvain/testing branch as well as branch jolly/meas branch some days ago, but I couldn't find that code anywhere, so I guess it is not available anywhere yet] regards erich

11 years, 3 months

1
0
0 0

Re: GTA02 Burst_ind baudrate

by Alex Badea

On Thu, Jan 10, 2013 at 11:33 PM, Heiko Besemann <heiko(a)noordsee.de> wrote: > > Hello Alex, You should send mail to the mailing list, instead of specific individuals. This way, i) you may get a responder quicker, and ii) information can reach other interested people. > > I read on Osmocom-BB mailing-list that you are using a GTA02 with > cross-compiled tools. Well, I did cross-compiling of the sylvain/burst_ind > branch for the OpenMoko, but starting osmocon I get an error that the > higher non-standard baudrate can not be set to /dev/ttySAC0. On the GTA02 the calypso is wired to one internal UART of the application processor SoC. AFAIR the SoC only supports up to 115200 bps so it won't be usable with burst_ind. Cheers, Alex

11 years, 3 months

3
2
0 0

Re: MDL-Error in case of OsmocomBB+OpenBTS

by Pavel Baturko

Hi, Erich, I'm using OpenBTS with USRP B100 & SBX. I encountered new problem, maybe it's similar to initial problem. Calls and MO SMS works fine (not in 100%, but it's ok). But MT SMS does not work (actually I received only 1 SMS from many attempts). Mobile log (error part, from line 454): <0001> gsm48_rr.c:429 new SAPI 3 link state idle -> established <000e> gsm48_rr.c:5042 Radio link SAPI3 is established <0005> gsm48_mm.c:3911 (ms 1) Received 'RR_EST_IND' from RR in state wait for network command (sapi 3) <0001> gsm48_rr.c:662 MON: f=50 lev=>=-47 snr= 0 ber= 0 LAI=001 01 0001 ID=0001 TA=3 pwr=19 TS=0/0 <0001> gsm48_rr.c:2864 MEAS REP: pwr=19 TA=3 meas-invalid=0 rxlev-full=-47 rxlev-sub=-47 rxqual-full=0 rxqual-sub=0 dtx 0 ba 0 no-ncell-n 0 <0001> gsm48_rr.c:4767 Indicated ta 3 (actual ta 3) <0001> gsm48_rr.c:4769 Indicated tx_power 19 <0001> gsm48_rr.c:4767 Indicated ta 3 (actual ta 3) <0001> gsm48_rr.c:4769 Indicated tx_power 19 <0001> gsm48_rr.c:4984 MDL-Error (cause 4) ignoring Dropping frame with 71 bit errors <0001> gsm48_rr.c:4767 Indicated ta 3 (actual ta 3) <0001> gsm48_rr.c:4769 Indicated tx_power 19 <0001> gsm48_rr.c:662 MON: f=50 lev=>=-47 snr=10 ber= 42 LAI=001 01 0001 ID=0001 TA=3 pwr=19 TS=0/0 <0001> gsm48_rr.c:2864 MEAS REP: pwr=19 TA=3 meas-invalid=0 rxlev-full=-47 rxlev-sub=-47 rxqual-full=0 rxqual-sub=0 dtx 0 ba 0 no-ncell-n 0 <0001> gsm48_rr.c:3389 channel release request with cause 0x62 <0001> gsm48_rr.c:355 new state dedicated -> release pending In trace (from packet 5509): BTS send SABM MS receive SABM MS respond with UA BTS receive UA BTS send I frame MS receive SABM (extra message?) MS respond with UA BTS receive UA BTS send DM (disconnect request? because of extra UA respond from MS?) BTS send Channel Release after that MS receive I frame and send RR with ack but as I understand this does not matter because of Chan Release.. Thanks, Pavel On Thu, Jan 10, 2013 at 6:02 PM, Erich Dachleger <edachleger(a)yahoo.com> wrote: > What do you use to generate the network? > The osmocombb-phone or other bts? > cheers > Erich > > ________________________________ > Fra: Pavel Baturko <pabftk(a)gmail.com> > Til: baseband-devel(a)lists.osmocom.org > Sendt: Mandag, 7. januar 2013 21.04 > Emne: MDL-Error in case of OsmocomBB+OpenBTS > > Hi list, > > I'm trying to connect my OsmocomBB phone to OpenBTS and I always got > MDL-Error in mobile app log when MS trying to perform LU. > Part of log (full mobile log in attach): > <0001> gsm48_rr.c:355 new state connection pending -> dedicated > <0005> gsm48_mm.c:3911 (ms 1) Received 'RR_EST_CNF' from RR in state wait > for RR connection (location updating) (sapi 0) > <0005> gsm48_mm.c:404 starting T3210 (loc. upd. timeout) with 20.0 seconds > <0005> gsm48_mm.c:924 new state wait for RR connection (location updating) > -> location updating initiated > <0001> gsm48_rr.c:4984 MDL-Error (cause 3) ignoring > <0001> gsm48_rr.c:4987 MDL-Error (cause 3) aborting > <0001> gsm48_rr.c:355 new state dedicated -> idle > > In wireshark trace (from OpenBTS, attached) I see that MS sends LURequest > (packet 359) and BTS responds with LUAccept (packet 440) but MS never > receive this message because of error. > > As I understand this is "unsolicited UA response" from 08.58 (9.3.22) but I > do not know how to fix that or properly debug. > I'm using latest sylvain/testing and official OpenBTS 2.8. "Usual" (not with > OsmocomBB) phones works with OpenBTS fine and OsmocomBB phones works fine > with "usual" (not OpenBTS) networks. > > Thanks, > Pavel > >

11 years, 3 months

1
0
0 0

Unencrypted MT

by Dario Lombardo

Hi list! As described in Nico Golde's talk at 29c3, mobile operators can deactivate encryption on MT SMSes. To check if a MT is encrypted I've started 'mobile' with GSMTAP, and I've sent an sms to the mobile. Encryption seems to be requested by the network. Now the question is: how can I be sure that encryption is always activated? Should I exaustively send messages to the mobile in order to look for unecrypted messages? Or is there some other way? People who give stats about MNO do exaustive tests, or simply generate a bunch of events and campute stats on those results? Thanks for your answers/opinions. Dario.

11 years, 3 months

3
3
0 0

Cleaning up stuff

by Dario Lombardo

Hi guys This is a question related to the compilation system of osmocom-bb. For an unknown reason, something has gone wrong with my compiled binaries, so now I would like to clean up everything as it was freshly checked out, before restarting the compilation. How can I do it? Make clean and make distclean seem not to be enough, since my compilation now fails with: cd ./doc && tar cf html.tar */html make[3]: Leaving directory `/home/dario/Projects/mobile/osmocom-bb/src/shared/libosmocore/build-target' make[2]: Leaving directory `/home/dario/Projects/mobile/osmocom-bb/src/shared/libosmocore/build-target' make[1]: Leaving directory `/home/dario/Projects/mobile/osmocom-bb/src/shared/libosmocore/build-target' cd host/layer23 && ./configure checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for a thread-safe mkdir -p... /bin/mkdir -p checking for gawk... no checking for mawk... mawk checking whether make sets $(MAKE)... yes checking whether make supports nested variables... yes checking whether make sets $(MAKE)... (cached) yes checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for style of include used by make... GNU checking dependency style of gcc... gcc3 checking for ranlib... ranlib checking for pkg-config... /usr/bin/pkg-config checking pkg-config is at least version 0.9.0... yes checking for LIBOSMOCORE... no configure: error: Package requirements (libosmocore) were not met: No package 'libosmocore' found Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables LIBOSMOCORE_CFLAGS and LIBOSMOCORE_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. make: *** [host/layer23/Makefile] Error 1 How can I clean up everything? Any help appreciated. Thanks Dario.

11 years, 3 months

3
3
0 0

[PATCH] Typos

by Dario Lombardo

Attached a small patch that fixes a couple of typos. Have a nice day. Dario.

11 years, 3 months

2
1
0 0

MDL-Error in case of OsmocomBB+OpenBTS

by Pavel Baturko

Hi list, I'm trying to connect my OsmocomBB phone to OpenBTS and I always got MDL-Error in mobile app log when MS trying to perform LU. Part of log (full mobile log in attach): <0001> gsm48_rr.c:355 new state connection pending -> dedicated <0005> gsm48_mm.c:3911 (ms 1) Received 'RR_EST_CNF' from RR in state wait for RR connection (location updating) (sapi 0) <0005> gsm48_mm.c:404 starting T3210 (loc. upd. timeout) with 20.0 seconds <0005> gsm48_mm.c:924 new state wait for RR connection (location updating) -> location updating initiated <0001> gsm48_rr.c:4984 MDL-Error (cause 3) ignoring <0001> gsm48_rr.c:4987 MDL-Error (cause 3) aborting <0001> gsm48_rr.c:355 new state dedicated -> idle In wireshark trace (from OpenBTS, attached) I see that MS sends LURequest (packet 359) and BTS responds with LUAccept (packet 440) but MS never receive this message because of error. As I understand this is "unsolicited UA response" from 08.58 (9.3.22) but I do not know how to fix that or properly debug. I'm using latest sylvain/testing and official OpenBTS 2.8. "Usual" (not with OsmocomBB) phones works with OpenBTS fine and OsmocomBB phones works fine with "usual" (not OpenBTS) networks. Thanks, Pavel

11 years, 3 months

7
11
0 0

Re: Cleaning up stuff

by Dario Lombardo

I've done it and now everything works, thanks. But I've noticed that this requirement is not documented anywhere. Wiki should be updated or new users will stuck at this point. On Mon, Jan 7, 2013 at 7:00 PM, Erich Dachleger <edachleger(a)yahoo.com>wrote: > Did you install libosmocore first?One must do that now > regards > erich > >

11 years, 3 months

1
0
0 0

Sylvain/testing branch compile error in gsm411

by Karsten Krummeich

Hi list, I want to play with the mobile_app with TX and SIM-card support, so I checkout the sylvain/testing branch described in the wiki but the following error message occurs. The master branch work's very fine on my HW (C123). Can someone give me a hint, what should I do to get a working testset with SIM support? Here the shell-output by makeing sylvain/testing branch ...... CC gsm411_sms.o gsm411_sms.c: In Funktion »gsm340_rx_tpdu«: gsm411_sms.c:228:19: Warnung: Variable »sms_mms« gesetzt, aber nicht verwendet [-Wunused-but-set-variable] gsm411_sms.c: In Funktion »gsm411_rx_rp_ud«: gsm411_sms.c:375:2: Warnung: Format »%li« erwartet Argumenttyp »long int«, aber Argument 7 hat Typ »int« [-Wformat] gsm411_sms.c: In Funktion »gsm411_tx_sms_submit«: gsm411_sms.c:657:3: Warnung: Übergabe des Arguments 4 von »gsm411_smc_init« von inkompatiblem Zeigertyp [standardmäßig aktiviert] /home/kasio/osmocom-bb/src/shared/libosmocore/include/osmocom/gsm/gsm0411_smc.h:46:6: Anmerkung: »int (*)(struct gsm411_smc_inst *, int, struct msgb *, int)« erwartet, aber Argument hat Typ »int (*)(struct gsm411_smc_inst *, int, struct msgb *)« gsm411_sms.c:657:3: Fehler: zu viele Argumente für Funktion »gsm411_smc_init« /home/kasio/osmocom-bb/src/shared/libosmocore/include/osmocom/gsm/gsm0411_smc.h:46:6: Anmerkung: hier deklariert gsm411_sms.c:659:3: Fehler: zu viele Argumente für Funktion »gsm411_smr_init« /home/kasio/osmocom-bb/src/shared/libosmocore/include/osmocom/gsm/gsm0411_smr.h:27:6: Anmerkung: hier deklariert gsm411_sms.c: In Funktion »gsm411_rcv_sms«: gsm411_sms.c:911:4: Warnung: Übergabe des Arguments 4 von »gsm411_smc_init« von inkompatiblem Zeigertyp [standardmäßig aktiviert] /home/kasio/osmocom-bb/src/shared/libosmocore/include/osmocom/gsm/gsm0411_smc.h:46:6: Anmerkung: »int (*)(struct gsm411_smc_inst *, int, struct msgb *, int)« erwartet, aber Argument hat Typ »int (*)(struct gsm411_smc_inst *, int, struct msgb *)« gsm411_sms.c:911:4: Fehler: zu viele Argumente für Funktion »gsm411_smc_init« /home/kasio/osmocom-bb/src/shared/libosmocore/include/osmocom/gsm/gsm0411_smc.h:46:6: Anmerkung: hier deklariert gsm411_sms.c:913:4: Fehler: zu viele Argumente für Funktion »gsm411_smr_init« /home/kasio/osmocom-bb/src/shared/libosmocore/include/osmocom/gsm/gsm0411_smr.h:27:6: Anmerkung: hier deklariert make[3]: *** [gsm411_sms.o] Fehler 1 make[3]: Verlasse Verzeichnis '/home/kasio/osmocom-bb/src/host/layer23/src/mobile' make[2]: *** [all-recursive] Fehler 1 make[2]: Verlasse Verzeichnis '/home/kasio/osmocom-bb/src/host/layer23/src' make[1]: *** [all-recursive] Fehler 1 make[1]: Verlasse Verzeichnis '/home/kasio/osmocom-bb/src/host/layer23' make: *** [host/layer23/layer23] Fehler 2 kasio@T60:~/osmocom-bb/src$ Thanks a lot for your help. kasio

11 years, 3 months

4
7
0 0

PySIM write SMSC

by Kurtis Heimerl

Hey Baseband, I've got a stock of SIMs I bought and programmed already, but I unfortunately (and stupidly) forgot to set the SMSC. This is causing me heaps of issues, as each phone now has to have the SMSC set manually. I was hoping to hack up a quick script which just inserts the SMSC onto the SIM without needing to regenerate the ki or IMSI. Lining those up with my database is rife with hazard. Looking at the pySim-prog, it looks like this probably isn't possible; all of the data seems to get bundled together and so changing the SMSC length will cause other data to be corrupted. Is that right? I just wanted to see what ya'll think would be the best way for me to remedy my particular stupidity. Thanks!

11 years, 3 months

3
4
0 0

layer23 on GTA02 AP and ARM unaligned memory access

by Alex Badea

Hi list, I'm running layer23 apps on the Application Processor of the OpenMoko GTA02, which is also an ARM. I noticed that some parts of code try to access words in memory which are not naturally aligned. [ The first symptom was "Err from socket: Bad address" given by osmocon. This is because a bogus length header read from the L2 unix socket was overflowing a static 4K buffer. The bogus length was due to an unaligned uint16_t write in osmo_send_l1() -- for an L1CTL_DATA_REQ I think. ] The easy and inefficient workaround for this is to ask the kernel[1] to fix up these accesses: echo 3 > /proc/cpu/alignment Cheers, Alex [1] http://lxr.linux.no/#linux+v3.7.1/Documentation/arm/mem_alignment

11 years, 3 months

2
1
0 0

[PATCH] l1: add CBCH flag to dedicated mode

by Alex Badea

Add a .cbch_mode member to struct l1ctl_dm_est_req. If set, this instructs L1 to use the CBCH variant of SDCCH for dedicated mode (no uplink, no SACCH). Add the new cbch_mode flag to l1ctl_tx_dm_est_req* API calls. Clear it everywhere, except for app_cbch_sniff. Signed-off-by: Alex Badea <vamposdecampos(a)gmail.com> --- The extra struct member might be a bit excessive; an alternative would be to abuse audio_mode, which is not used for signalling channels. include/l1ctl_proto.h | 1 + src/host/layer23/include/osmocom/bb/common/l1ctl.h | 5 +++-- src/host/layer23/src/common/l1ctl.c | 6 ++++-- src/host/layer23/src/misc/app_cbch_sniff.c | 4 ++-- src/host/layer23/src/mobile/gsm48_rr.c | 4 ++-- src/target/firmware/include/layer1/mframe_sched.h | 3 +++ src/target/firmware/layer1/l23_api.c | 12 +++++++----- src/target/firmware/layer1/mframe_sched.c | 14 ++++++++++++++ 8 files changed, 36 insertions(+), 13 deletions(-) diff --git a/include/l1ctl_proto.h b/include/l1ctl_proto.h index 771bf1c..55f0ffc 100644 --- a/include/l1ctl_proto.h +++ b/include/l1ctl_proto.h @@ -233,6 +233,7 @@ struct l1ctl_dm_est_req { }; uint8_t tch_mode; uint8_t audio_mode; + uint8_t cbch_mode; } __attribute__((packed)); struct l1ctl_dm_freq_req { diff --git a/src/host/layer23/include/osmocom/bb/common/l1ctl.h b/src/host/layer23/include/osmocom/bb/common/l1ctl.h index 46a333e..f25a516 100644 --- a/src/host/layer23/include/osmocom/bb/common/l1ctl.h +++ b/src/host/layer23/include/osmocom/bb/common/l1ctl.h @@ -25,10 +25,11 @@ int l1ctl_tx_rach_req(struct osmocom_ms *ms, uint8_t ra, uint16_t offset, /* Transmit L1CTL_DM_EST_REQ */ int l1ctl_tx_dm_est_req_h0(struct osmocom_ms *ms, uint16_t band_arfcn, - uint8_t chan_nr, uint8_t tsc, uint8_t tch_mode, uint8_t audio_mode); + uint8_t chan_nr, uint8_t tsc, uint8_t tch_mode, uint8_t audio_mode, + uint8_t cbch_mode); int l1ctl_tx_dm_est_req_h1(struct osmocom_ms *ms, uint8_t maio, uint8_t hsn, uint16_t *ma, uint8_t ma_len, uint8_t chan_nr, uint8_t tsc, - uint8_t tch_mode, uint8_t audio_mode); + uint8_t tch_mode, uint8_t audio_mode, uint8_t cbch_mode); /* Transmit L1CTL_DM_FREQ_REQ */ int l1ctl_tx_dm_freq_req_h0(struct osmocom_ms *ms, uint16_t band_arfcn, diff --git a/src/host/layer23/src/common/l1ctl.c b/src/host/layer23/src/common/l1ctl.c index 5898b22..57003af 100644 --- a/src/host/layer23/src/common/l1ctl.c +++ b/src/host/layer23/src/common/l1ctl.c @@ -461,7 +461,7 @@ int l1ctl_tx_rach_req(struct osmocom_ms *ms, uint8_t ra, uint16_t offset, /* Transmit L1CTL_DM_EST_REQ */ int l1ctl_tx_dm_est_req_h0(struct osmocom_ms *ms, uint16_t band_arfcn, uint8_t chan_nr, uint8_t tsc, uint8_t tch_mode, - uint8_t audio_mode) + uint8_t audio_mode, uint8_t cbch_mode) { struct msgb *msg; struct l1ctl_info_ul *ul; @@ -484,6 +484,7 @@ int l1ctl_tx_dm_est_req_h0(struct osmocom_ms *ms, uint16_t band_arfcn, req->h0.band_arfcn = htons(band_arfcn); req->tch_mode = tch_mode; req->audio_mode = audio_mode; + req->cbch_mode = cbch_mode; return osmo_send_l1(ms, msg); } @@ -491,7 +492,7 @@ int l1ctl_tx_dm_est_req_h0(struct osmocom_ms *ms, uint16_t band_arfcn, int l1ctl_tx_dm_est_req_h1(struct osmocom_ms *ms, uint8_t maio, uint8_t hsn, uint16_t *ma, uint8_t ma_len, uint8_t chan_nr, uint8_t tsc, uint8_t tch_mode, - uint8_t audio_mode) + uint8_t audio_mode, uint8_t cbch_mode) { struct msgb *msg; struct l1ctl_info_ul *ul; @@ -519,6 +520,7 @@ int l1ctl_tx_dm_est_req_h1(struct osmocom_ms *ms, uint8_t maio, uint8_t hsn, req->h1.ma[i] = htons(ma[i]); req->tch_mode = tch_mode; req->audio_mode = audio_mode; + req->cbch_mode = cbch_mode; return osmo_send_l1(ms, msg); } diff --git a/src/host/layer23/src/misc/app_cbch_sniff.c b/src/host/layer23/src/misc/app_cbch_sniff.c index 8256eaf..6df2f11 100644 --- a/src/host/layer23/src/misc/app_cbch_sniff.c +++ b/src/host/layer23/src/misc/app_cbch_sniff.c @@ -57,12 +57,12 @@ static int try_cbch(struct osmocom_ms *ms, struct gsm48_sysinfo *s) return l1ctl_tx_dm_est_req_h1(ms, s->maio, s->hsn, s->hopping, s->hopp_len, s->chan_nr, s->tsc, - GSM48_CMODE_SIGN, 0); + GSM48_CMODE_SIGN, 0, 1); } else { LOGP(DRR, LOGL_INFO, "chan_nr = 0x%02x TSC = %d ARFCN = %d\n", s->chan_nr, s->tsc, s->arfcn); return l1ctl_tx_dm_est_req_h0(ms, s->arfcn, - s->chan_nr, s->tsc, GSM48_CMODE_SIGN, 0); + s->chan_nr, s->tsc, GSM48_CMODE_SIGN, 0, 1); } } diff --git a/src/host/layer23/src/mobile/gsm48_rr.c b/src/host/layer23/src/mobile/gsm48_rr.c index 3d15494..a21758c 100644 --- a/src/host/layer23/src/mobile/gsm48_rr.c +++ b/src/host/layer23/src/mobile/gsm48_rr.c @@ -3002,10 +3002,10 @@ static int gsm48_rr_activate_channel(struct osmocom_ms *ms, if (cd->h) l1ctl_tx_dm_est_req_h1(ms, cd->maio, cd->hsn, ma, ma_len, cd->chan_nr, cd->tsc, cd->mode, - rr->audio_mode); + rr->audio_mode, 0); else l1ctl_tx_dm_est_req_h0(ms, cd->arfcn, cd->chan_nr, cd->tsc, - cd->mode, rr->audio_mode); + cd->mode, rr->audio_mode, 0); rr->dm_est = 1; /* old SI 5/6 are not valid on a new dedicated channel */ diff --git a/src/target/firmware/include/layer1/mframe_sched.h b/src/target/firmware/include/layer1/mframe_sched.h index ecdb1ec..74e2d27 100644 --- a/src/target/firmware/include/layer1/mframe_sched.h +++ b/src/target/firmware/include/layer1/mframe_sched.h @@ -23,6 +23,9 @@ enum mframe_task { MF_TASK_SDCCH8_6, MF_TASK_SDCCH8_7, + MF_TASK_SDCCH4_CBCH, + MF_TASK_SDCCH8_CBCH, + MF_TASK_TCH_F_EVEN, MF_TASK_TCH_F_ODD, MF_TASK_TCH_H_0, diff --git a/src/target/firmware/layer1/l23_api.c b/src/target/firmware/layer1/l23_api.c index ae39e63..215fc00 100644 --- a/src/target/firmware/layer1/l23_api.c +++ b/src/target/firmware/layer1/l23_api.c @@ -72,7 +72,7 @@ enum mf_type { MF26ODD, MF26EVEN }; -static uint32_t chan_nr2mf_task_mask(uint8_t chan_nr, uint8_t neigh_mode) +static uint32_t chan_nr2mf_task_mask(uint8_t chan_nr, uint8_t neigh_mode, uint8_t cbch) { uint8_t cbits = chan_nr >> 3; uint8_t tn = chan_nr & 0x7; @@ -90,11 +90,11 @@ static uint32_t chan_nr2mf_task_mask(uint8_t chan_nr, uint8_t neigh_mode) master_task = MF_TASK_TCH_H_0 + lch_idx; } else if ((cbits & 0x1c) == 0x04) { lch_idx = cbits & 0x3; - master_task = MF_TASK_SDCCH4_0 + lch_idx; + master_task = cbch ? MF_TASK_SDCCH4_CBCH : (MF_TASK_SDCCH4_0 + lch_idx); multiframe = MF51; } else if ((cbits & 0x18) == 0x08) { lch_idx = cbits & 0x7; - master_task = MF_TASK_SDCCH8_0 + lch_idx; + master_task = cbch ? MF_TASK_SDCCH8_CBCH : (MF_TASK_SDCCH8_0 + lch_idx); multiframe = MF51; #if 0 } else if (cbits == 0x10) { @@ -225,7 +225,8 @@ static void l1ctl_rx_dm_est_req(struct msgb *msg) struct l1ctl_info_ul *ul = (struct l1ctl_info_ul *) l1h->data; struct l1ctl_dm_est_req *est_req = (struct l1ctl_dm_est_req *) ul->payload; - printd("L1CTL_DM_EST_REQ (arfcn=%u, chan_nr=0x%02x, tsc=%u)\n", + printd("L1CTL_DM_EST_REQ %s(arfcn=%u, chan_nr=0x%02x, tsc=%u)\n", + est_req->cbch_mode ? "CBCH " : "", ntohs(est_req->h0.band_arfcn), ul->chan_nr, est_req->tsc); /* disable neighbour cell measurement of C0 TS 0 */ @@ -262,7 +263,8 @@ static void l1ctl_rx_dm_est_req(struct msgb *msg) } /* figure out which MF tasks to enable */ - l1a_mftask_set(chan_nr2mf_task_mask(ul->chan_nr, NEIGH_MODE_PM)); + l1a_mftask_set(chan_nr2mf_task_mask(ul->chan_nr, NEIGH_MODE_PM, + est_req->cbch_mode)); } /* receive a L1CTL_DM_FREQ_REQ from L23 */ diff --git a/src/target/firmware/layer1/mframe_sched.c b/src/target/firmware/layer1/mframe_sched.c index f3a6b43..0a9ff1e 100644 --- a/src/target/firmware/layer1/mframe_sched.c +++ b/src/target/firmware/layer1/mframe_sched.c @@ -198,6 +198,15 @@ static const struct mframe_sched_item mf_sdcch8_7[] = { { .sched_set = NULL } }; +static const struct mframe_sched_item mf_sdcch8_cbch[] = { + { .sched_set = NB_QUAD_FH_DL, .modulo = 51, .frame_nr = 8 }, + { .sched_set = NULL } +}; +static const struct mframe_sched_item mf_sdcch4_cbch[] = { + { .sched_set = NB_QUAD_DL, .modulo = 51, .frame_nr = 32 }, + { .sched_set = NULL } +}; + /* Measurement for MF 51 C0 */ static const struct mframe_sched_item mf_neigh_pm51_c0t0[] = { { .sched_set = NEIGH_PM , .modulo = 51, .frame_nr = 0 }, @@ -327,6 +336,9 @@ static const struct mframe_sched_item *sched_set_for_task[32] = { [MF_TASK_SDCCH8_6] = mf_sdcch8_6, [MF_TASK_SDCCH8_7] = mf_sdcch8_7, + [MF_TASK_SDCCH4_CBCH] = mf_sdcch4_cbch, + [MF_TASK_SDCCH8_CBCH] = mf_sdcch8_cbch, + [MF_TASK_TCH_F_EVEN] = mf_tch_f_even, [MF_TASK_TCH_F_ODD] = mf_tch_f_odd, [MF_TASK_TCH_H_0] = mf_tch_h_0, @@ -361,6 +373,7 @@ uint8_t mframe_task2chan_nr(enum mframe_task mft, uint8_t ts) cbits = 0x04 + 1; break; case MF_TASK_SDCCH4_2: + case MF_TASK_SDCCH4_CBCH: cbits = 0x04 + 2; break; case MF_TASK_SDCCH4_3: @@ -373,6 +386,7 @@ uint8_t mframe_task2chan_nr(enum mframe_task mft, uint8_t ts) cbits = 0x08 + 1; break; case MF_TASK_SDCCH8_2: + case MF_TASK_SDCCH8_CBCH: cbits = 0x08 + 2; break; case MF_TASK_SDCCH8_3: -- 1.7.0.4

11 years, 3 months

3
6
0 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

baseband-devel January 2013